DontPhishMe is an anti-phishing addon for Mozilla Firefox that utilizes pattern matching technique to provide the Malaysian Internet user with information and notification to protect them against online banking phishing website that is specifically targeting financial institutions in Malaysia.

I’ve play around with Java Deployment Toolkit exploit last week and found that the exploit is damn easy to trigger, but mitigation is a bit tricky (for Firefox especially if you have multiple version of Java installed)

Anyway, the patch released and people dont have to worry much about this anymore.

I’ve wrote a short analysis on the exploit (sample taken from the wild) and soon to be published in the Lebahnet Blog (pending for review). I’ve also wrote Yara rule to detect this exploit and it can be used with Jsunpack for automated analysis 🙂 owh.. I’ll publish the rule soon 😉

Many people are talking about this exploit including this blog. By the time I read through the content, I’ve found that they had published a non-valid code (maybe due to improper de-obfuscation or error during copy and paste for the entry). I’ve left 2 comments, correcting 2 lines of code in the entry. They made the changes but delete my comments (poor me, no credit :P)

On April 19, 2010 we released the final version of the OWASP Top 10 for 2010. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.